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Secure Hybrid Work with 
Microsoft + Cloudflare 


Accelerate cloud modernization and productivity 
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Cloud migration risks 


Addressing hybrid-cloud challenges 


With the accelerated shift to hybrid work, 
organizations are modernizing their environment by 
turning to Microsoft for many of their cloud migration 
needs. Unfortunately, due to the popularity of 
Microsoft’s cloud applications and services, this shift 
to the cloud can often further expose users and 
applications to a wider range of threats. 


Migrating resources to the cloud can also involve 
managing a combination of SaaS, self-hosted, and 
non-web applications, which further complicates the 
ability to secure and control access to those 


resources. Using outdated technology, such as VPNs, Partnering for greater security outcomes 
to securely connect users to applications can create With multiple integration points across Microsoft's 
security gaps and frustrate employees. cloud ecosystem, Cloudflare enables customers to 


eliminate gaps in security, performance, and reliability. 
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Greater efficiency Complete protection 

Simplify access to hybrid and Provide secure access to any 
multi-cloud environments by resource, regardless of 
extending Azure Active location, with limited access for 
Directory (AD) control to unmanaged devices - all while 
non-Microsoft apps while protecting users from business 
consolidating management with email compromise (BEC) and 

a single, unified interface. targeted phishing threats. 
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Continuous productivity 


Enable employees to safely 
access the vital resources they 
depend on while enforcing 
policy requirements and 
ensuring secure and reliable 
connectivity with zero 
workflow disruption. 
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Integrated solutions for hybrid work 


Cloudflare Zero Trust 


Microsoft Cloud 


Cloudflare offers Zero Trust services that deliver fast Microsoft offers cloud applications and services that 


and secure access to applications, while ensuring 
comprehensive protection against SaaS application 
exposure, malware, and targeted phishing threats. 
These services provide: 


e Secure network access 

e Risky user isolation 

e Phishing and BEC protection 
e Application and data visibility 
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support and accelerate hybrid work, while delivering 
essential protection across identities, devices, data, 
applications, and infrastructure. These services 
include: 


e Cloud productivity suite 

e Cloud-hosted applications 
e Identity protection 

e Endpoint security 


Azure Active Directory 
Enable secure authentication 
and conditional access across 
hybrid work 


Microsoft 365 
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; preemptive defense from 
DLP g Office 365 socially engineered phish and 
misconfiguration risks 


TOTA o----------- 
Azure Apps and VPCs 
ZTNA Enable secure access to 
on-prem or Azure-hosted apps 
without needing a VPN 


Endpoint Security Mgr 

Identify and remediate threats 
= faster, and securely manage 
am Intune devices from a single platform 


Networking Partner 
Deliver a fast, secure Office 

EE Microsoft 365 experience to customers’ 
employees 


, Defender & Sentinel APIs 
da Microcar Integrate XDR & SIEM context 
W Defender into access policies 
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Simplify and secure access 
A faster and safer way to connect users to apps 


Traditional perimeter-based access controls (like 
VPNs) are increasingly a liability. Sluggish performance 
hurts end-user productivity, administrators struggle 
with unwieldy configuration, and lateral movement is 
hard to contain. Accelerated cloud adoption and hybrid 
work have further exposed these flaws and made 
VPNs more vulnerable. 


Cloudflare Access replaces VPN clients to protect any 
application, in any on-prem network, public cloud, or 
SaaS environment. By integrating with Microsoft Intune 
and Azure Active Directory (AD), Cloudflare can 
enforce default-deny, Zero Trust rules and provide 
conditional access to internal resources based on 
identity and device posture. 


Per-application conditional access 


Cloudflare’s integrations with Azure AD and Intune 
enable both identity and device posture-aware policy 
enforcement. Azure AD allows administrators to create 
and enforce policies on both applications and users 
using Conditional Access. It provides a wide range of 
parameters that can be used to control user access to 
applications (e.g. user risk level, sign-in risk level, 
device platform, location, client apps, etc.). 


For client-based deployment, policies can leverage the 
enhanced telemetry and context that Intune provides 
surrounding a user’s device posture and compliance 
state. This allows security teams to define their 
security conditions in Azure AD and enforce them 
through Cloudflare Access. 
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Prevent user deception & exploitation 
Safeguard users and data with layered security 


As modern phishing threats increase in sophistication 
and social engineering tactics become more 
convincing, the exploitation of individual users 
continues to represent the largest risk to 
organizations. To reduce this risk, Microsoft continues 
to develop and deliver essential controls for email 
hygiene and outbound data protection. 


However, targeted and evasive attacks can often 
bypass built-in security controls. By preemptively 
detecting phishing campaigns early in the attack 
lifecycle and automatically blocking or isolating 
malicious content, Cloudflare can augment native 
Microsoft controls to provide comprehensive 
protection against threats that target users across 
email and other collaboration applications. 
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Stop targeted phishing and BEC attacks 


Deploy advanced protection in minutes with flexible 
configuration options and a cloud architecture that 
scales to any requirements. By enhancing native M365 
controls with Cloudflare, organizations can: 


e Prevent malware-less financial fraud with 
machine learning (ML) that analyzes message 
context to detect compromised accounts. 


e Block emerging threats in real-time, without 
needing to constantly tune a secure email gateway 
or wait for signature/policy updates. 


e Discover impersonated accounts and domains, 
including lookalike and proximity domains that 
attackers use to bypass DMARC, DKIM, and SPF. 


e isolate deferred and multi-channel attacks that 
often evade traditional email security controls 
using deceptive links. 


Preemptive Threat Defense 
(URLs, Payloads, BECs, Spoofs) 
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Eliminate SaaS and data exposure 
Greater visibility across SaaS applications 


Modern workforces rely on SaaS applications and 
cloud productivity suites, like Microsoft 365, now more 
than ever. Microsoft’s mission-critical SaaS 
applications drive business productivity, but also 
introduce security risks, visibility challenges, and 
access control roadblocks. 


As organizations adopt dozens of SaaS applications, it 
becomes increasingly difficult to maintain consistent 
security, visibility, and performance. With every 
application having a different configuration and 
requiring unique security considerations, IT teams are 
challenged with staying compliant and protecting 
sensitive data across a wide landscape. 


Cloudflare CASB removes these hurdles by providing 
extensive visibility across Microsoft 365 and other 
popular SaaS applications. This visibility enables 
organizations to quickly identify misconfigurations, 
exposed files, user access, and 3rd-party access. 


Greater control over access and usage 


SaaS applications operate outside of the corporate 
network, which can limit the amount of control over 
how employees use these applications. Cloudflare 
delivers greater control over SaaS applications to 
easily prevent data leaks and compliance violations. 
These controls include: 


Tenant and data protection controls 

Apply tenant controls to prevent users from 
accessing and storing data in the wrong versions 
of popular SaaS applications, either inadvertently 
or maliciously. Disable user actions (e.g. 
copy/paste, download/upload, print, etc.) to 
minimize the risk of data loss. 


Shadow IT controls 

Aggregate and automatically categorize all HTTP 
requests so that admins can set the status and 
track the usage of both approved and unapproved 
applications. 
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Stop data loss and exfiltration 
Increase agility, not complexity for more data control 


Maintaining a thorough inventory of sensitive data is 
harder than it seems and generally a massive lift for 
security teams. To help overcome data security 
troubles, Microsoft offers their customers data 
classification and protection tools. One popular option 
are the sensitivity labels available with Microsoft 
Purview Information Protection. However, customers 
need the ability to track sensitive data movement even 
as it migrates beyond the visibility of Microsoft. 


With Cloudflare DLP, extend the power of Microsoft's 
labels to any of your corporate traffic in just a few 
clicks. 
1. Integrate with your Microsoft account 
2. Retrieve your sensitivity labels with CASB 
which automatically populates into DLP profiles 
3. Build DLP rules to guide the movement of your 
confidential labeled data 


Accesses/moves labeled 
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Microsoft Purview 
Sensitivity Labels 
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Simplify regulatory compliance & safeguard IP 


Data privacy regulations are becoming stricter and 
more expansive globally. But the explosive adoption of 
SaaS and cloud environments is leading to more 
personal data and code exposures. Cloudflare DLP 
reduces your risk of data breach by extending visibility 
and simplifying controls of your most sensitive data. 


Regulated data controls 

Quickly enable predefined DLP profiles to parse 
employee network traffic and block sharing of 
regulated data, such as PII, PHI, and other 
financial information (e.g., banking / credit card 
numbers). 


Advanced customization for ever changing data 
Apply granular controls to your other sensitive 
data types, such as secrets, code, credentials, 
and IP, by creating custom DLP profiles with 
context analysis and Exact Data Match. 
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Microsoft Information 
Protection (MIP) Labels 
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Predefined DLP Profiles 


Financial, Identifiers, 
Creds/Secrets, Code 
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Custom DLP Profiles 
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Count, Context Analysis 
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Composable, fully-integrated security 


Building resilient operations depends not only on securing 
resources and infrastructure based on present conditions, 
but ensuring the ability to easily adapt and scale to future 
circumstances. By combining the power of Microsoft's 
cloud solutions with Cloudflare’s Zero Trust platform, 
organizations can safely enable their employees to easily 
work from anywhere, without fear of costly breaches or 
disruptions. 


No matter where an organizations are at in their cloud 
migration journey, Cloudflare can layer on protection as 
needed. Thanks to the composable nature of Cloudflare’s 
Zero Trust platform, businesses can adopt and implement 
services at their own pace, based on their most critical 
needs and use cases. 


Key takeaways for Microsoft customers 


Increase value, not cost 


Cloudflare enables greater 
consolidation and unified 
workflows with Microsoft that 
accelerate productivity while 
reducing overhead, manual 
tasks, and redundant features. 
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Drive seamless security 


Cloudflare Zero Trust services 
complement Microsoft's cloud 
solutions to enhance their 
overall operational value while 
closing security gaps and 
exposure. 


Be more secure with Microsoft using Cloudflare One 


Request a Zero Trust Workshop 
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Not quite ready for a 
live conversation? 


Keep learning more 
about Cloudflare's 


SSE & SASE platform 
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Improve resiliency 


By simplifying and securing 
hybrid-cloud environments, 
Cloudflare and Microsoft can 
help your organization stay 
resilient, no matter what future 
circumstances arise. 


